What Is A Subnet

What is a Subnet?

A subnet is a logical organization of network address ranges used to separate hosts and
network devices from each other to serve a design purpose. In many cases, subnets are
created to serve as physical or geographical separations similar to those found between
rooms, floors, buildings, or cities.

Most modern subnet definitions are created according to three main factors:
- the number of hosts that need to exist on the subnet now and in the future;
- the necessary security controls between networks; and
- the performance required for communications between hosts.

Legacy Subnets

Legacy subnets were not flexible because they had predefined limitations on their size
and numbers. These were called "classful" networks because each network could be
easily identified and placed into a specific class. Shown below is a table containing the
original "classful" definitions for IP addresses:

IP Address Range                 CIDR Equivalent   Purpose                      RFC    Class   Total # of Addresses
0.0.0.0 - 0.255.255.255          0.0.0.0/8         Zero Addresses               1700   A       16,777,216
10.0.0.0 - 10.255.255.255        10.0.0.0/8        Private IP addresses         1918   A       16,777,216
127.0.0.0 - 127.255.255.255      127.0.0.0/8       Localhost Loopback Address   1700   A       16,777,216
169.254.0.0 - 169.254.255.255    169.254.0.0/16    Zeroconf / APIPA             3330   B       65,536
172.16.0.0 - 172.31.255.255      172.16.0.0/12     Private IP addresses         1918   B       1,048,576
192.0.2.0 - 192.0.2.255          192.0.2.0/24      Documentation and Examples   3330   C       256
192.88.99.0 - 192.88.99.255      192.88.99.0/24    IPv6 to IPv4 relay Anycast   3068   C       256
192.168.0.0 - 192.168.255.255    192.168.0.0/16    Private IP addresses         1918   C       65,536
198.18.0.0 - 198.19.255.255      198.18.0.0/15     Network Device Benchmark     2544   C       131,072
224.0.0.0 - 239.255.255.255      224.0.0.0/4       Multicast                    3171   D       268,435,456
240.0.0.0 - 255.255.255.255      240.0.0.0/4       Reserved                     1700   E       268,435,456

Classless IP Addresses

With the advent of CIDR (Classless Inter-Domain Routing), the "classful" definition of
subnet divisions was lifted. Any network address can now be defined just as any of the
"classful" subnets of the past could be defined. All that is required is enough neighboring
address space to cover all the IP addresses needed. Classless addresses also assist in
reducing the overall size of the global routing tables on network devices.

What is Subnetting?

Subnetting is the process of breaking down an IP network into smaller sub-networks
called "subnets." Each subnet is a non-physical description (or ID) for a physical
sub-network (usually a switched network of hosts containing a single router in a
multi-router network).

Subnet Mask Notation


There are two forms of subnet notation: standard notation and CIDR (Classless
Inter-Domain Routing) notation. Both forms use a base address (or network
address) to define the starting point of the network, such as 192.168.1.0. This means that
the network begins at 192.168.1.0 and the first possible host IP address on this subnet
would be 192.168.1.1.

In standard subnet mask notation, a four-octet numeric value is used, as with the base
address, for example 255.255.255.0. The standard mask can be calculated by writing each
of the four octets in binary, assigning the binary digit "1" to the network
portion and the binary digit "0" to the host portion. In the example above
this value would be 11111111.11111111.11111111.00000000. In combination with the
base address you have a subnet definition; in this case the subnet in standard notation
would be 192.168.1.0 255.255.255.0.

In CIDR notation, the number of 1s in the binary version of the mask is counted from
the left, and that number is appended to the end of the base address following a slash (/).
In the example here the subnet would be listed in CIDR notation as 192.168.1.0/24.

When is Subnetting Used?
Subnets are created to limit the scope of broadcast traffic, to apply network security
measures, to separate network segments by function, and/or to assist in resolving network
congestion problems.

A subnet is usually composed of a network router, a switch or hub, and at least one host.

How can I Compute the Maximum Number of Hosts for a Subnet Mask?
To compute the maximum number of hosts for a subnet mask, take two and raise it to the
number of bits allocated to the subnet (count the number of 0s in the subnet mask binary
value) and subtract two. You must subtract two from the resulting value because the first
value in the IP address range (all 0s) is reserved for the network address, and the last
value in the IP address range (all 1s) is reserved for the network broadcast address. For
example, DSL networks commonly use 8 bits for their subnets. The number of allowable
hosts for such a DSL network could be computed by the following formula: max hosts =
(2^8)-2 = 254 hosts.

As you subnet networks, the number of bits represented by the subnet mask will decrease.
You decrease the octets in order, starting from the rightmost value and proceeding left as
you reach a zero value. Mask values decrease by a power of two each time you split a
network into more subnets. Values are 255, 254*, 252, 248, 240, 224, 192, 128.
Each decrease indicates that an additional bit has been allocated. After 128, the next bit
allocated will reduce the fourth octet to 0, and the third octet will follow the same
8-number progression.

For instance, a dotted-decimal subnet mask of 255.255.255.255 indicates that no
bits have been allocated and that the maximum number of hosts is 1 (2^0 = 1). The subnet
mask 255.255.255.128 indicates that the maximum number of hosts is 128. And the
subnet mask 255.255.128.0 indicates that the maximum number of hosts is 32,768.

* 254 is not a valid number for the fourth octet because no addresses are available for
hosts, i.e. (2^1)-2 = 0.

What is a Subnet Mask?
A subnet mask allows you to identify which part of an IP address is reserved for the
network, and which part is available for host use. If you look at the IP address alone,
especially now with classless inter-domain routing, you can't tell which part of the
address is which. Adding the subnet mask, or netmask, gives you all the information
you need to calculate network and host portions of the address with ease. In summary,
knowing the subnet mask can allow you to easily calculate whether IP addresses are
on the same subnet, or not.

Determining network and host portions of an IP address using a subnet mask

To determine what the network address is for any given IP address, you merely have
to convert both dotted-decimal addresses into binary and do a bitwise AND operation. An
example using an IP address of 156.154.81.56 with a network mask of
255.255.255.240 follows:

IP Address:   10011100.10011010.01010001.00111000
Subnet mask:  11111111.11111111.11111111.11110000
Bitwise AND   -----------------------------------
Result:       10011100.10011010.01010001.00110000

As you can see, the network address for the IP address and subnet mask in question is
156.154.81.48. Determining how many hosts can be on this same
subnet is a simple operation. Count the number of bits from the right until you get
to the first "1" in the binary network address display. That number will be the power
you raise 2 to for the calculation of the possible number of hosts. You must also subtract
two from the result because one address each is reserved for the broadcast and network
addresses. This leaves you with the final formula of 2^n-2. In this case there are 4
bits of 0 in the network address, leaving you with 2^4-2 hosts possible, or 14 hosts.
This means that your network address is 156.154.81.48, that you have a range of
addresses available to hosts from 156.154.81.49 - 156.154.81.62, and that the
broadcast address for this network is 156.154.81.63.
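
The calculation above, carried out step by step in Python as an added example (not part of the original document; the names parse_mask and describe are illustrative). It also applies the 2^n-2 host formula from the earlier section, reports total addresses separately from usable hosts, and rejects masks whose 1 bits are not contiguous:

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def parse_mask(mask: str) -> int:
    """Return the prefix length of a dotted-decimal mask (illustrative helper)."""
    value = int(ipaddress.IPv4Address(mask))
    host_part = value ^ ALL_ONES            # invert: host bits become 1s
    if host_part & (host_part + 1):         # must be a single run of trailing 1s
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return 32 - host_part.bit_length()

def describe(ip: str, mask: str) -> dict:
    """Network, broadcast, host range and host count for an IP/mask pair."""
    prefix = parse_mask(mask)
    mask_int = int(ipaddress.IPv4Address(mask))
    network = int(ipaddress.IPv4Address(ip)) & mask_int   # the bitwise AND step
    broadcast = network | (mask_int ^ ALL_ONES)           # host bits all set to 1
    total = 2 ** (32 - prefix)                            # 2^n addresses in the range
    usable = max(total - 2, 0)                            # minus network and broadcast
    fmt = lambda n: str(ipaddress.IPv4Address(n))
    return {
        "cidr": f"{fmt(network)}/{prefix}",
        "network": fmt(network),
        "broadcast": fmt(broadcast),
        "first_host": fmt(network + 1) if usable else None,
        "last_host": fmt(broadcast - 1) if usable else None,
        "total_addresses": total,
        "usable_hosts": usable,
    }

if __name__ == "__main__":
    # Values from the worked example in the text.
    for key, value in describe("156.154.81.56", "255.255.255.240").items():
        print(f"{key:16} {value}")
```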
Are subnet masks necessary?
Subnet masks are critical to communications on an IP network. Network devices use
the target IP address and the defined netmask to determine whether the target is on
a local subnet or a remote network. This is important because devices act
differently depending on the result. If the subnet is local, the device will send an ARP
request to retrieve the MAC or hardware address of the system in question to
communicate over the data-link layer. If the address is found to be on a remote
network, then the network device routes packets to the gateway in its routing table
that is set to handle that network. If no routing table entry is found matching that
network, the packets are routed to the default route. If no default route is defined, the
packets are dropped with nowhere left to go.
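
The decision sequence described above, as an added Python example (not part of the original document). The routing table, gateway addresses and the function name forward are constructed for illustration; choosing the most specific matching route when several match goes beyond what the text states. The last call shows how the same host classifies a destination differently when its mask is set to 255.255.0.0 instead of 255.255.255.0:

```python
import ipaddress

# Constructed sample configuration (not from the original document).
ROUTES = [("10.0.0.0/8", "192.168.1.254"), ("10.20.0.0/16", "192.168.1.253")]
DEFAULT_GW = "192.168.1.1"

def forward(dst, interface, routes=ROUTES, default_gw=DEFAULT_GW):
    """Return (action, next hop) for a packet to dst, sent by a host whose
    address and mask are given as e.g. '192.168.1.10/255.255.255.0'."""
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in ipaddress.ip_interface(interface).network:
        return ("arp", dst)                    # local subnet: ARP for the target's MAC
    candidates = [(ipaddress.ip_network(net), gw) for net, gw in routes]
    matching = [(net, gw) for net, gw in candidates if dst_ip in net]
    if matching:                               # most specific (longest) prefix wins
        return ("route", max(matching, key=lambda m: m[0].prefixlen)[1])
    if default_gw:
        return ("default", default_gw)         # no specific route: default route
    return ("drop", None)                      # nowhere left to go

if __name__ == "__main__":
    host = "192.168.1.10/255.255.255.0"
    for dst in ("192.168.1.20", "10.20.5.5", "10.9.9.9", "198.51.100.7"):
        print(dst, forward(dst, host))
    print(forward("198.51.100.7", host, default_gw=None))
    # Same host address, wider mask: 192.168.2.20 is now treated as local.
    print(forward("192.168.2.20", host))
    print(forward("192.168.2.20", "192.168.1.10/255.255.0.0"))
```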
What is a Broadcast Domain?

Definitions of a Broadcast Domain

A broadcast domain is a logical part of a network (a network segment) in which any
network device can transmit data directly to another device without
going through a routing device (assuming the devices share the same subnet and use
the same gateway; also, they must be in the same VLAN).

A more specific definition of the broadcast domain is the area of a computer
network made up of every computer or network device that can be
reached directly by sending a simple frame to the data link layer's broadcast address.

Details on Broadcast Domains

While any layer 2 device is able to divide collision domains, broadcast domains
are only divided by layer 3 network devices such as routers or layer 3 switches.

Frames are normally addressed to a specific destination device on the network. While
all devices detect the frame transmission on the network, only the device to which the
frame is addressed actually receives it. A special broadcast address consisting of all 1s
is used to send frames to all devices on the network.

VLAN (Virtual Local Area Network) technology can also create a so-called
"virtual" broadcast domain. A network built with switching devices could see each
network device as an independent system. These groups of independent systems can
be joined into one broadcast domain, even if the computers are not physically
connected to each other. This is very useful when administering large networks
where there is a need for better network management and control.

How to restrict the broadcast domain?
Since a broadcast domain is the area where broadcasts can be received, broadcasts are
restricted by routers. If a router receives a broadcast signal, it simply drops it. In other
words, the edge or border router connected to the Internet will not up-broadcast or
relay that broadcast message. This is problematic and not foolproof either.
Suppose two networks exist and they are connected to each other through a router.
The first network has a running DHCP server that offers IP addresses to networked
systems. On the other side, there is no valid DHCP server running on the second
network. Offering IP addresses from the first network's DHCP server to the second
network's systems can be a difficult task to accomplish, since DHCP relies on broadcast
and the router that joins the networks drops the broadcast traffic. This leaves any
DHCP request in the second network unanswered. Many router manufacturers
provide capabilities for DHCP forwarding to solve this problem. This can also be
worked around by connecting the two networks with a well configured, Linux-based,
purpose-oriented software router. That will handle the job properly and without
further issues.

Examples of Broadcast Domain Implementation
A broadcast domain can be perceived as a portion of a network that is reachable by
network broadcast (an address resolution request or some sort of announcement of
availability), with messages like "Can I have the address of that network node?" or "I'm
here, a part of this network". Again, unlike collision domains, broadcast domains can
be started at several protocol layers; therefore the broadcast domain as a whole can be
within a single LAN segment, but it can be routed over other segments as well.
